images/data-sync/kubernetes.yaml

---
# Usage:
#  Create the ssh keypair using Makefile found in images/data-sync:
#    cd ../images/data-sync
#    make data-sync
#
#  Edit this file to mount your desired volumes
#  Then launch this here with 'make data-sync'
#  If you want more than 2 nodes kept in sync, add the service.data-sync
#    label to more nodes and invoke kubectl scale.

apiVersion: v1
kind: Service
metadata:
  name: $SERVICE_NAME
  labels:
    app.kubernetes.io/name: $SERVICE_NAME
spec:
  clusterIP: None
  ports:
  - { port: 22, targetPort: 22 }
  selector:
    app.kubernetes.io/name: $SERVICE_NAME
    release: "0.1"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/name: $SERVICE_NAME
    release: "0.1"
  name: $SERVICE_NAME
spec:
  replicas: $DATA_SYNC_CLUSTER_SIZE
  selector:
    matchLabels:
      app.kubernetes.io/name: $SERVICE_NAME
      release: "0.1"
  serviceName: $SERVICE_NAME
  template:
    metadata:
      labels:
        app.kubernetes.io/name: $SERVICE_NAME
        release: "0.1"
    spec:
      containers:
      - name: $SERVICE_NAME
        env:
        - name: PUBKEY1
          valueFrom:
            secretKeyRef:
              name: $DATA_SYNC_SECRET
              key: pubkey1
        - name: PUBKEY2
          valueFrom:
            secretKeyRef:
              name: $DATA_SYNC_SECRET
              key: pubkey2
        - { name: SYNC_INTERVAL, value: "2" }
        - { name: TZ, value: $TZ }
        image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DATA_SYNC
        ports:
        - containerPort: 22
        resources:
          limits:
            memory: 4096Mi
          requests:
            memory: 256Mi
        volumeMounts:
        - name: archive
          mountPath: /root/.unison
        - name: config
          mountPath: /etc/unison.d/common.prf
          subPath: common.prf
        - mountPath: /etc/ssh
          name: etc
        - mountPath: /var/log/unison
          name: logs
        - mountPath: /var/data-sync/share
          name: share
        # Customize your list of mounted volumes here
        - mountPath: /var/data-sync/cloud
          name: cloud
        - mountPath: /var/data-sync/dos
          name: dos
        - mountPath: /var/data-sync/gitlab
          name: gitlab
        - mountPath: /var/data-sync/home
          name: home
        - mountPath: /var/data-sync/household
          name: household
        - mountPath: /var/data-sync/jira
          name: jira
        - mountPath: /var/data-sync/nexus
          name: nexus
        - mountPath: /run/secrets/data-sync-sshkey1
          name: sshkeys
          subPath: sshkey1
        - mountPath: /run/secrets/data-sync-sshkey2
          name: sshkeys
          subPath: sshkey2
      imagePullSecrets: [ $IMAGEPULL_SPEC ]
      nodeSelector:
        service.$SERVICE_NAME: allow
      volumes:
      - name: config
        configMap:
          name: $SERVICE_NAME
      - name: sshkeys
        secret:
          secretName: $DATA_SYNC_SECRET
      - name: logs
        hostPath: { path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME }
  volumeClaimTemplates:
  - metadata:
      name: archive
    spec:
      accessModes: [ ReadWriteOnce ]
      resources:
        requests:
          storage: 500Mi
  - metadata:
      name: etc
    spec:
      accessModes: [ ReadWriteOnce ]
      resources:
        requests:
          storage: 500Mi
  - metadata:
      name: share
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: share
  - metadata:
      name: cloud
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: cloud
  - metadata:
      name: dos
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: dos
  - metadata:
      name: gitlab
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: gitlab
  - metadata:
      name: home
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: home
  - metadata:
      name: household
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: household
  - metadata:
      name: jira
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: jira
  - metadata:
      name: nexus
    spec:
      accessModes: [ ReadWriteMany ]
      resources:
        requests:
          storage: 8Gi
      selector:
        matchLabels:
          volume.group: nexus
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: $SERVICE_NAME
data:
  common.prf: |
    # Directives for unison
    ignore = Name .Xauthority
    ignore = Name atlassian-jira-security.log
    ignore = Name DVRWorkDirectory
    ignore = Name ldapi
    ignore = Name lost+found
    ignore = Name msg.sock
    # jenkins
    ignore = Name *KubernetesClients.log
    ignore = Name *socket
    ignore = Name .s.PGSQL.5432
    ignore = Name pgstat.stat
    ignore = Path data-sync/share/artifactory/data/data/derby/log
    ignore = Path data-sync/share/artifactory/data/logs/request.log
    ignore = Path data-sync/share/nagios/var/rw
    ignore = Path data-sync/dos
    ignore = Path data-sync/duplicati/config
    ignore = Path data-sync/gitlab/data/postgresql/data/pg_stat_tmp
    ignore = Path data-sync/gitlab/data/prometheus/data
    ignore = Path data-sync/gitlab/data/redis/dump.rdb
    ignore = Path data-sync/gitlab/data/gitaly
    ignore = Path data-sync/gitlab/logs/sshd/current
    ignore = Path data-sync/jira/home/analytics-logs
    ignore = Path data-sync/jira/home/log/atlassian-jira.log
    ignore = Path data-sync/jira/home/log/atlassian-jira-perf.log
    ignore = Path data-sync/jira/home/monitor/ConnectionPoolGraph.rrd4j
    ignore = Path data-sync/jira/home/monitor/DatabaseReadWritesGraph.rrd4j
    ignore = Path data-sync/jira/home/plugins/.osgi-plugins/felix/felix-cache
    ignore = Path data-sync/jira/logs
    ignore = Path data-sync/nexus/db/accesslog
    ignore = Path redis/current
    ignore = Path data-sync/samba-dc/var/lib/winbindd_privileged/pipe
    ignore = Path data-sync/syslog/log/messages
    ignore = Path data-sync/syslog/log/secure
    ignore = Path data-sync/nexus/elasticsearch
    ignore = Path data-sync/nexus/log/nexus.log
    ignore = Path data-sync/nexus/log/request.log

    auto   = true
    batch  = true
    confirmbigdel = true
    copythreshold = 10000
    copyquoterem = false
    # SYS-400 overall performance is absolutely awful without this
    fastercheckUNSAFE = true

    group  = true
    owner  = true
    times  = true

    prefer = newer
    silent = true

    sshargs = -i /root/.ssh/data-sync.rsa
    logfile = /var/log/unison/unison.log